- •Chapter 1 Introduction
- •1.1 Target audience
- •1.2 What is new in EJB 1.1
- •1.3 Application compatibility and interoperability
- •1.4 Acknowledgments
- •1.5 Organization
- •1.6 Document conventions
- •Chapter 2 Goals
- •2.1 Overall goals
- •2.2 Goals for Release 1.0
- •2.3 Goals for Release 1.1
- •Chapter 3 EJB Architecture Roles and Scenarios
- •3.1 EJB Architecture Roles
- •3.1.1 Enterprise Bean Provider
- •3.1.2 Application Assembler
- •3.1.3 Deployer
- •3.1.4 EJB Server Provider
- •3.1.5 EJB Container Provider
- •3.1.6 System Administrator
- •3.2 Scenario: Development, assembly, and deployment
- •Chapter 4 Overview
- •4.1 Enterprise Beans as components
- •4.1.1 Component characteristics
- •4.1.2 Flexible component model
- •4.2 Enterprise JavaBeans Architecture contracts
- •4.2.1 Client-view contract
- •4.2.2 Component contract
- •4.2.4 Contracts summary
- •4.3 Session and entity objects
- •4.3.1 Session objects
- •4.3.2 Entity objects
- •4.4 Standard mapping to CORBA protocols
- •Chapter 5 Client View of a Session Bean
- •5.1 Overview
- •5.2 EJB Container
- •5.2.1 Locating a session bean’s home interface
- •5.2.2 What a container provides
- •5.3 Home interface
- •5.3.1 Creating a session object
- •5.3.2 Removing a session object
- •5.4 EJBObject
- •5.5 Session object identity
- •5.6 Client view of session object’s life cycle
- •5.7 Creating and using a session object
- •5.8 Object identity
- •5.8.1 Stateful session beans
- •5.8.2 Stateless session beans
- •5.8.3 getPrimaryKey()
- •5.9 Type narrowing
- •Chapter 6 Session Bean Component Contract
- •6.1 Overview
- •6.2 Goals
- •6.3 A container’s management of its working set
- •6.4 Conversational state
- •6.4.1 Instance passivation and conversational state
- •6.4.2 The effect of transaction rollback on conversational state
- •6.5 Protocol between a session bean instance and its container
- •6.5.1 The required SessionBean interface
- •6.5.2 The SessionContext interface
- •6.5.3 The optional SessionSynchronization interface
- •6.5.4 Business method delegation
- •6.5.5 Session bean’s ejbCreate(...) methods
- •6.5.6 Serializing session bean methods
- •6.5.7 Transaction context of session bean methods
- •6.6 STATEFUL Session Bean State Diagram
- •6.6.1 Operations allowed in the methods of a stateful session bean class
- •6.6.2 Dealing with exceptions
- •6.6.3 Missed ejbRemove() calls
- •6.6.4 Restrictions for transactions
- •6.7 Object interaction diagrams for a STATEFUL session bean
- •6.7.1 Notes
- •6.7.2 Creating a session object
- •6.7.3 Starting a transaction
- •6.7.4 Committing a transaction
- •6.7.5 Passivating and activating an instance between transactions
- •6.7.6 Removing a session object
- •6.8 Stateless session beans
- •6.8.1 Stateless session bean state diagram
- •6.8.2 Operations allowed in the methods of a stateless session bean class
- •6.8.3 Dealing with exceptions
- •6.9 Object interaction diagrams for a STATELESS session bean
- •6.9.1 Client-invoked create()
- •6.9.2 Business method invocation
- •6.9.3 Client-invoked remove()
- •6.9.4 Adding instance to the pool
- •6.10 The responsibilities of the bean provider
- •6.10.1 Classes and interfaces
- •6.10.2 Session bean class
- •6.10.3 ejbCreate methods
- •6.10.4 Business methods
- •6.10.5 Session bean’s remote interface
- •6.10.6 Session bean’s home interface
- •6.11 The responsibilities of the container provider
- •6.11.1 Generation of implementation classes
- •6.11.2 Session EJBHome class
- •6.11.3 Session EJBObject class
- •6.11.4 Handle classes
- •6.11.5 EJBMetaData class
- •6.11.6 Non-reentrant instances
- •6.11.7 Transaction scoping, security, exceptions
- •Chapter 7 Example Session Scenario
- •7.1 Overview
- •7.2 Inheritance relationship
- •7.2.1 What the session Bean provider is responsible for
- •7.2.2 Classes supplied by container provider
- •7.2.3 What the container provider is responsible for
- •Chapter 8 Client View of an Entity
- •8.1 Overview
- •8.2 EJB Container
- •8.2.1 Locating an entity bean’s home interface
- •8.2.2 What a container provides
- •8.3 Entity bean’s home interface
- •8.3.1 create methods
- •8.3.3 remove methods
- •8.4 Entity object’s life cycle
- •8.5 Primary key and object identity
- •8.6 Entity Bean’s remote interface
- •8.7 Entity bean’s handle
- •8.8 Entity home handles
- •8.9 Type narrowing of object references
- •Chapter 9 Entity Bean Component Contract
- •9.1 Concepts
- •9.1.1 Runtime execution model
- •9.1.2 Granularity of entity beans
- •9.1.3 Entity persistence (data access protocol)
- •9.1.3.1 Bean-managed persistence
- •9.1.3.2 Container-managed persistence
- •9.1.4 Instance life cycle
- •9.1.5 The entity bean component contract
- •9.1.5.1 Entity bean instance’s view:
- •9.1.5.2 Container’s view:
- •9.1.6 Operations allowed in the methods of the entity bean class
- •9.1.7 Caching of entity state and the ejbLoad and ejbStore methods
- •9.1.7.1 ejbLoad and ejbStore with the NotSupported transaction attribute
- •9.1.8 Finder method return type
- •9.1.9 Standard application exceptions for Entities
- •9.1.9.1 CreateException
- •9.1.9.2 DuplicateKeyException
- •9.1.9.3 FinderException
- •9.1.9.4 ObjectNotFoundException
- •9.1.9.5 RemoveException
- •9.1.10 Commit options
- •9.1.11 Concurrent access from multiple transactions
- •9.1.12 Non-reentrant and re-entrant instances
- •9.2 Responsibilities of the Enterprise Bean Provider
- •9.2.1 Classes and interfaces
- •9.2.2 Enterprise bean class
- •9.2.3 ejbCreate methods
- •9.2.4 ejbPostCreate methods
- •9.2.5 ejbFind methods
- •9.2.6 Business methods
- •9.2.7 Entity bean’s remote interface
- •9.2.8 Entity bean’s home interface
- •9.2.9 Entity bean’s primary key class
- •9.3 The responsibilities of the Container Provider
- •9.3.1 Generation of implementation classes
- •9.3.2 Entity EJBHome class
- •9.3.3 Entity EJBObject class
- •9.3.4 Handle class
- •9.3.5 Home Handle class
- •9.3.6 Meta-data class
- •9.3.7 Instance’s re-entrance
- •9.3.8 Transaction scoping, security, exceptions
- •9.3.9 Implementation of object references
- •9.4 Entity beans with container-managed persistence
- •9.4.2 ejbCreate, ejbPostCreate
- •9.4.3 ejbRemove
- •9.4.4 ejbLoad
- •9.4.5 ejbStore
- •9.4.7 primary key type
- •9.4.7.3 Special case: Unknown primary key class
- •9.5 Object interaction diagrams
- •9.5.1 Notes
- •9.5.2 Creating an entity object
- •9.5.3 Passivating and activating an instance in a transaction
- •9.5.4 Committing a transaction
- •9.5.5 Starting the next transaction
- •9.5.6 Removing an entity object
- •9.5.7 Finding an entity object
- •9.5.8 Adding and removing an instance from the pool
- •Chapter 10 Example entity scenario
- •10.1 Overview
- •10.2 Inheritance relationship
- •10.2.1 What the entity Bean Provider is responsible for
- •10.2.2 Classes supplied by Container Provider
- •10.2.3 What the container provider is responsible for
- •Chapter 11 Support for Transactions
- •11.1 Overview
- •11.1.1 Transactions
- •11.1.2 Transaction model
- •11.1.3 Relationship to JTA and JTS
- •11.2 Sample scenarios
- •11.2.1 Update of multiple databases
- •11.2.2 Update of databases via multiple EJB Servers
- •11.2.3 Client-managed demarcation
- •11.2.4 Container-managed demarcation
- •11.2.5 Bean-managed demarcation
- •11.2.6 Interoperability with non-Java clients and servers
- •11.3 Bean Provider’s responsibilities
- •11.3.1 Bean-managed versus container-managed transaction demarcation
- •11.3.1.1 Non-transactional execution
- •11.3.2 Isolation levels
- •11.3.3 Enterprise beans using bean-managed transaction demarcation
- •11.3.3.1 getRollbackOnly() and setRollbackOnly() method
- •11.3.4 Enterprise beans using container-managed transaction demarcation
- •11.3.4.1 javax.ejb.SessionSynchronization interface
- •11.3.4.2 javax.ejb.EJBContext.setRollbackOnly() method
- •11.3.4.3 javax.ejb.EJBContext.getRollbackOnly() method
- •11.3.5 Declaration in deployment descriptor
- •11.4 Application Assembler’s responsibilities
- •11.4.1 Transaction attributes
- •11.5 Deployer’s responsibilities
- •11.6 Container Provider responsibilities
- •11.6.1 Bean-managed transaction demarcation
- •11.6.2 Container-managed transaction demarcation
- •11.6.2.1 NotSupported
- •11.6.2.2 Required
- •11.6.2.3 Supports
- •11.6.2.4 RequiresNew
- •11.6.2.5 Mandatory
- •11.6.2.6 Never
- •11.6.2.7 Transaction attribute summary
- •11.6.2.8 Handling of setRollbackOnly() method
- •11.6.2.9 Handling of getRollbackOnly() method
- •11.6.2.10 Handling of getUserTransaction() method
- •11.6.2.11 javax.ejb.SessionSynchronization callbacks
- •11.7 Access from multiple clients in the same transaction context
- •11.7.1 Transaction “diamond” scenario with an entity object
- •11.7.2 Container Provider’s responsibilities
- •11.7.3 Bean Provider’s responsibilities
- •11.7.4 Application Assembler and Deployer’s responsibilities
- •11.7.5 Transaction diamonds involving session objects
- •Chapter 12 Exception handling
- •12.1 Overview and Concepts
- •12.1.1 Application exceptions
- •12.1.2 Goals for exception handling
- •12.2 Bean Provider’s responsibilities
- •12.2.1 Application exceptions
- •12.2.2 System exceptions
- •12.2.2.1 javax.ejb.NoSuchEntityException
- •12.3 Container Provider responsibilities
- •12.3.1 Exceptions from an enterprise bean’s business methods
- •12.3.2 Exceptions from container-invoked callbacks
- •12.3.3 javax.ejb.NoSuchEntityException
- •12.3.4 Non-existing session object
- •12.3.5 Exceptions from the management of container-managed transactions
- •12.3.6 Release of resources
- •12.3.7 Support for deprecated use of java.rmi.RemoteException
- •12.4 Client’s view of exceptions
- •12.4.1 Application exception
- •12.4.2 java.rmi.RemoteException
- •12.4.2.1 javax.transaction.TransactionRolledbackException
- •12.4.2.2 javax.transaction.TransactionRequiredException
- •12.4.2.3 java.rmi.NoSuchObjectException
- •12.5 System Administrator’s responsibilities
- •12.6 Differences from EJB 1.0
- •Chapter 13 Support for Distribution
- •13.1 Overview
- •13.2 Client-side objects in distributed environment
- •13.3 Standard distribution protocol
- •Chapter 14 Enterprise bean environment
- •14.1 Overview
- •14.2 Enterprise bean’s environment as a JNDI API naming context
- •14.2.1 Bean Provider’s responsibilities
- •14.2.1.1 Access to enterprise bean’s environment
- •14.2.1.2 Declaration of environment entries
- •14.2.2 Application Assembler’s responsibility
- •14.2.3 Deployer’s responsibility
- •14.2.4 Container Provider responsibility
- •14.3 EJB references
- •14.3.1 Bean Provider’s responsibilities
- •14.3.1.1 EJB reference programming interfaces
- •14.3.1.2 Declaration of EJB references in deployment descriptor
- •14.3.2 Application Assembler’s responsibilities
- •14.3.3 Deployer’s responsibility
- •14.3.4 Container Provider’s responsibility
- •14.4 Resource manager connection factory references
- •14.4.1 Bean Provider’s responsibilities
- •14.4.1.1 Programming interfaces for resource manager connection factory references
- •14.4.1.2 Declaration of resource manager connection factory references in deployment descriptor
- •14.4.1.3 Standard resource manager connection factory types
- •14.4.2 Deployer’s responsibility
- •14.4.3 Container provider responsibility
- •14.4.4 System Administrator’s responsibility
- •14.5 Deprecated EJBContext.getEnvironment() method
- •14.6 UserTransaction interface
- •Chapter 15 Security management
- •15.1 Overview
- •15.2 Bean Provider’s responsibilities
- •15.2.1 Invocation of other enterprise beans
- •15.2.2 Resource access
- •15.2.3 Access of underlying OS resources
- •15.2.4 Programming style recommendations
- •15.2.5 Programmatic access to caller’s security context
- •15.2.5.1 Use of getCallerPrincipal()
- •15.2.5.2 Use of isCallerInRole(String roleName)
- •15.2.5.3 Declaration of security roles referenced from the bean’s code
- •15.3 Application Assembler’s responsibilities
- •15.3.1 Security roles
- •15.3.2 Method permissions
- •15.3.3 Linking security role references to security roles
- •15.4 Deployer’s responsibilities
- •15.4.1 Security domain and principal realm assignment
- •15.4.2 Assignment of security roles
- •15.4.3 Principal delegation
- •15.4.4 Security management of resource access
- •15.4.5 General notes on deployment descriptor processing
- •15.5 EJB Architecture Client Responsibilities
- •15.6 EJB Container Provider’s responsibilities
- •15.6.1 Deployment tools
- •15.6.2 Security domain(s)
- •15.6.3 Security mechanisms
- •15.6.4 Passing principals on EJB architecture calls
- •15.6.5 Security methods in javax.ejbEJBContext
- •15.6.6 Secure access to resource managers
- •15.6.7 Principal mapping
- •15.6.8 System principal
- •15.6.9 Runtime security enforcement
- •15.6.10 Audit trail
- •15.7 System Administrator’s responsibilities
- •15.7.1 Security domain administration
- •15.7.2 Principal mapping
- •15.7.3 Audit trail review
- •Chapter 16 Deployment descriptor
- •16.1 Overview
- •16.2 Bean Provider’s responsibilities
- •16.3 Application Assembler’s responsibility
- •16.4 Container Provider’s responsibilities
- •16.5 Deployment descriptor DTD
- •16.6 Deployment descriptor example
- •Chapter 17 Ejb-jar file
- •17.1 Overview
- •17.2 Deployment descriptor
- •17.5 Deprecated in EJB 1.1
- •17.5.1 ejb-jar Manifest
- •17.5.2 Serialized deployment descriptor JavaBeans™ components
- •Chapter 18 Runtime environment
- •18.1 Bean Provider’s responsibilities
- •18.1.1 APIs provided by Container
- •18.1.2 Programming restrictions
- •18.2 Container Provider’s responsibility
- •18.2.1 Java 2 Platform-based Container
- •18.2.1.1 Java 2 APIs requirements
- •18.2.1.2 EJB 1.1 requirements
- •18.2.1.3 JNDI 1.2 requirements
- •18.2.1.4 JTA 1.0.1 requirements
- •18.2.1.5 JDBC™ 2.0 extension requirements
- •18.2.2 JDK™ 1.1 based Container
- •18.2.2.1 JDK 1.1 APIs requirements
- •18.2.2.2 EJB 1.1 requirements
- •18.2.2.3 JNDI 1.2 requirements
- •18.2.2.4 JTA 1.0.1 requirements
- •18.2.2.5 JDBC 2.0 extension requirements
- •18.2.3 Argument passing semantics
- •Chapter 19 Responsibilities of EJB Architecture Roles
- •19.1 Bean Provider’s responsibilities
- •19.1.1 API requirements
- •19.1.2 Packaging requirements
- •19.2 Application Assembler’s responsibilities
- •19.3 EJB Container Provider’s responsibilities
- •19.4 Deployer’s responsibilities
- •19.5 System Administrator’s responsibilities
- •19.6 Client Programmer’s responsibilities
- •Chapter 20 Enterprise JavaBeans™ API Reference
- •package javax.ejb
- •package javax.ejb.deployment
- •Chapter 21 Related documents
- •Appendix A Features deferred to future releases
- •Appendix B Frequently asked questions
- •B.1 Client-demarcated transactions
- •B.2 Inheritance
- •B.3 Entities and relationships
- •B.4 Finder methods for entities with container-managed persistence
- •B.5 JDK 1.1 or Java 2
- •B.6 javax.transaction.UserTransaction versus javax.jts.UserTransaction
- •B.7 How to obtain database connections
- •B.8 Session beans and primary key
- •B.9 Copying of parameters required for EJB calls within the same JVM
- •Appendix C Revision History
- •C.1 Changes since Release 0.8
- •C.2 Changes since Release 0.9
- •C.3 Changes since Release 0.95
- •C.4 Changes since 1.0
- •C.5 Changes since 1.1 Draft 1
- •C.6 Changes since 1.1 Draft 2
- •C.7 Changes since EJB 1.1 Draft 3
- •C.8 Changes since EJB 1.1 Public Draft
- •C.9 Changes since EJB 1.1 Public Draft 2
- •C.10 Changes since EJB 1.1 Public Draft 3
- •C.11 Changes since EJB 1.1 Public Release
- •C.12 Changes since EJB 1.1 Public Release
Sun Microsystems Inc.
Security management |
Enterprise JavaBeans v1.1, Final Release |
Bean Provider’s responsibilities |
The EJB architecture encourages the Bean Provider to implement the enterprise bean class without hard-coding the security policies and mechanisms into the business methods. In most cases, the enterprise bean’s business method should not contain any security-related logic. This allows the Deployer to configure the security policies for the application in a way that is most appropriate for the operational environment of the enterprise.
To make the Deployer’s task easier, the Application Assembler (which could be the same party as the Bean Provider) may define security roles for an application composed of one or more enterprise beans. A security role is a semantic grouping of permissions that a given type of users of the application must have in order to successfully use the application. The Applications Assembler can define (declaratively in the deployment descriptor) method permissions for each security role. A method permission is a permission to invoke a specified group of methods of the enterprise beans’ home and remote interfaces. The security roles defined by the Application Assembler present a simplified security view of the enterprise beans application to the Deployer—the Deployer’s view of the application’s security requirements is the small set of security roles rather than a large number of individual methods.
The Deployer is responsible for assigning principals, or groups of principals, which are defined in the target operational environment, to the security roles defined by the Application Assembler for the enterprise beans in the deployment descriptor. The Deployer is also responsible for configuring other aspects of the security management of the enterprise beans, such as principal mapping for inter-enterprise bean calls and principal mapping for resource manager access.
At runtime, a client will be allowed to invoke a business method only if the principal associated with the client call has been assigned by the Deployer to have at least one security role that is allowed to invoke the business method.
The Container Provider is responsible for enforcing the security policies at runtime, providing the tools for managing security at runtime, and providing the tools used by the Deployer to manage security during deployment.
Because not all security policies can be expressed declaratively, the EJB architecture provides a simple programmatic interface that the Bean Provider may use to access the security context from the business methods.
The following sections define the responsibilities of the individual EJB roles with respect to security management.
15.2 Bean Provider’s responsibilities
This section defines the Bean Provider’s perspective of the EJB architecture support for security, and defines his responsibilities.
15.2.1 Invocation of other enterprise beans
An enterprise bean business method can invoke another enterprise bean via the other bean’s remote or home interface. The EJB architecture provides neither programmatic nor deployment descriptor interfaces for the invoking enterprise bean to control the principal passed to the invoked enterprise bean.
11/24/99 |
220 |